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Department  of  Computer  Science,  NYU 

University  of  Catania  -  Department  of  Mathematics 

1.  INTRODUCTION. 

In  this  paper  we  present  three  decidability  results  for  some  quantifier-free  and  quantified 
theories  of  sets  involving  rank  related  constructs. 

For  the  unquantified  case,  we  will  show  that  the  theories  in  the  language  0  (empty  set), 
=  (equality),  £  (membership),  U  (union),  \  (set  difference)  plus  rank  comparison  and  singleton 
(MLSSR),  or  plus  the  operator  pred^  (set-of-predecessors)  (see  [Vau])  defined  as 

pred<(x)  =  {z  :  rk{z)  <  rk{z)]  (MLSPR<), 

have  a  solvable  satisfiability  problem. 

As  for  the  quantified  case,  we  will  prove  that  the  propositional  closure  of  simple  prenex  for- 
mulas in  the  language  0,  =,  6,  rk  (rank  operator)  has  a  solvable  finite  satisfiability  problem. 

The  notion  of  trapped  places  and  trapped  variables  previously  introduced  in  [CFS]  is  here 
generalized  in  two  ways  and  plays  an  important  role. 

Other  results  concerning  rank  constructs  are  contained  in  [CFMS]  where  the  theory  MLS 
(cf.  [FOS])  extended  by  the  rank  operator  or  by  the  rank  comparison  predicate  are  shown  to  be 
decidable. 

[BFOS]  solves  the  ordinary  satisfiability  problem  for  some  elementary  quantified  theories. 

We  use  techniques  and  ideas  developed  in  [CFMS],  [CFS]  and  [BFOS].  For  all  the  definitions 
and  basic  properties  in  set  theory  we  refer  to  [Jec]  and  [Vau]. 

2.  PRELIMINARIES. 

In  [FOS],  the  theory  MLS,  which  is  the  set  of  formulas  built  using  the  boolean  connectives 
(conjunction,  disjunction,  implication  and  negation)  from  set  theoretic  atoms  of  the  following  types: 

X  =  V  U  z,    X  =  v\  z 
(2.1)  ' 

X  £  y,     X  =  i/j 

is  shown  to  be  decidable. 

Here  we  summarize  briefly  the  basic  concepts  and  results. 


It  can  be  shown  that  the  decision  problem  for  the  theory  MLS  is  equivalent  to  giving  an 
algorithm  for  deciding  satisfiability  of  any  conjunction  P  of  literals  of  type: 

(  =  )      X  =  yU  z,    X  =  y\z 
(2.2)  (e)      xey 

(^)     ^^y 

The  following  definitions  play  a  central  role  in  subsequent  sections. 

Definition  2.1.  A  place  tt  of  P  is  a  0/1-valued  function  on  the  set  of  all  variables  in  P  such  that 

7r(x)  =  7r(2/)  V  7r(2)    if   x  =  y\Jz    is  in  P 

and 

7r(a-)  =  7r(y)  A  -'7r{z)    if    x  =  y\  z    is  in  P. 

Definition  2.2.  Given  a  variable  x  of  P,  a  place  tt  is  said  to  be  a  place  o/P  at  x  if: 

n(y)  =1    if   X  E  y    is  in  P 

and 

7r(2/)  =  0    if   X  ^  y    is  in  P. 

In  the  next  sections  we  will  also  make  use  of  the  following  notions. 

Definition  2.3.  An  injective  model  of  di  formula  4>  is  any  model  of  0  which  maps  distinct  variables 
into  distinct  sets. 

Definition  2.4.  4>  is  injectively  satisfiable  if  it  has  an  injective  model. 

Clearly  the  following  holds: 
Theorem  2.1.  <t>  is  satisfiable  if  and  only  if  it  is  injectively  satisfiable.  • 

The  theorem  in  [FOS]  can  then  be  rewritten 

Theorem  2.2.   Let  V  be  a  normalized  conjunction  of  literals  of  type  (2.2).   Let  V  =  {2/1 , . . . ,  j/m} 
be  the  set  of  variables  occurring  in  P.  Then  P  is  injectively  satisfiable  if  and  only  if  there  exist 

(i)     a  set  U  =  {ttj,  . . .  ,7r„}  of  places  ofV; 

(ii)    a  mapping  x  1-^  tt^  from  V  into  11; 

(iii)  a  linear  ordering  ofJl 

such  that: 

(a)  no  two  distinct  variables  in  P  are  II- equivalent; 

(b)  for  each  x  in  V  and  tt  m  II,  ifn{x)  =  1  then  tt  <  tt'.  •  • 


3.  MLS  EXTENDED  BY  RANK  COMPARISON  AND  SINGLETON. 

Let  MLSSR  be  the  unquantified  theory  which  extends  MLS  by  adding  to  the  atoms  of  (2.1) 
the  following 

X  <  y  which  means  rank{x)  <  rank(y) 
(3.1)  X  <  y  which  means  rank{x)  <  rank{y) 

X  =  {?/},  where  {•}  is  the  singleton  operator. 

In  [FOS]  and  [CFMS]  the  extensions  of  MLS  with  each  of  these  constructs  were  shown  to  be 
decidable.  Here  we  wiU  show  that  both  extensions  can  be  handled  simultaneously,  thus  obtaining 
the  decidability  of  MLSSR.  Arguing  as  in  the  preceding  section,  in  order  to  prove  the  decidability 
of  MLSSR  it  is  sufficient  to  give  an  algorithm  for  detecting  injective  satisfiability  of  a  conjunction 
P  of  literals  of  type  (2.2)  and  (3.1).  We  can  assume  without  loss  of  generality  that  P  contains  the 
literals: 


(3.2) 


2/0  =  tf 

yi  =  {2/0} 

Let  n  =  {tto 7r„ ]  be  a  set  of  places  of  P  and  let  ?/o ,••••>  J/m  be  the  variables  in  P.  Put 

A.  =  {tTj  :Tj(2/.)  =  1} 

Notice  that  Aq  =  0. 

Definition  3.1.    Let  A,,A_,   be  such  that  A,  /  A_,.    We  write  A,   -^  Aj  if  and  only  if  either 
y,  =  {V]},  or  y,  <  yj,  or  y,  <  yj  is  in  P  . 

Definition  3.2.   A  set  A,  is  said  to  be  bounded  if  and  only  if  either  A,  =  0  or  A,  -^  0,  where 
— ^  is  the  transitive  closure  of  the  relation  — *  defined  above. 

Definition  3.3.   A  place  tt  G  11  is  called  trapped  ii  a^nd  only  if  tt  6  A,  for  some  bounded  A,.    A 
variable  j/;  is  trapped  if  and  only  if  every  tt  G  A,  is  trapped. 

Notice  that  ttq  and  yo  are  both  trapped. 

Decidability  of  MLSSR  is  an  immediate  consequence  of  the  following  theorem. 

Theorem  3.1.   Let  P  be  a  normalized  conjunction  o/MLSSR.  Let  V  =  {t/o,  •  •  •  ,2/m}  be  the  set  of 
variables  occurring  in  P.  Then  P  is  injectively  satisfiable  if  and  only  if  there  exist: 

(i)  a  setJl  =  {ttq,  . . .  ,7rn}  of  places  ofV;  {without  loss  of  generality  we  can  suppose  that  there 
exist  0  <  k  <  n  and  0  <  h  <  m  such  that:  only  ttq  . . . ,  ttj.  are  trapped,  ttq  is  a  place  at  0  and  only 
2/0,..., J/h  are  trapped); 

(ii)  nonempty  pairwise  disjoint  hereditarily  finite  sets  WJ,  0  <  j  <  k,  of  rank  lower  than  h  +  1 
such  that  the  assignment  Jl/y,  =  U,^  (  )=i  ^  ^^  ^'^  injective  model  for  the  subset  of?  involving 
only  trapped  variables; 

(iii)  a  mapping  x  h^  tt'  from  V  into  IT;  [for  simplicity  we  define  a  function  F  :  {0, . . . .  m]  — > 
{0, . . . ,  n}  such  that  F{i)  =  j  if  ir^'  =  ttj) 


(iv)  a  sequence  of  integers:   Tq  =  0  <  rj  <  . . .  <  r^  =  n-k    and  a  function  R  :  {/:+!,. . .  ,n}  —<■ 
{0, 1, . . .  ,e}  such  that: 

(a)   no  two  variables  in  P  are  H-equivalent; 

(6)   x^"(=  T^F(i))  is  a  place  at  yi  for  all  variables  in  P: 

(c)  if  yi  and  ttj  are  trapped  and  Myt  G  ttJ  then  tt"'  =  ttj  ; 

(d)  if  j  >  k  (i.e.   if-Kj  is  nontrapped)  then  rfnji_i  <  j  —  k  <  r^jy, 

(e)  ifi>h,j>  k  (i.e.  ifyi  and  tTj  are  not  trapped)  and  Trj{yi)  =  1  then  r^j^^j  <  rji^p^^^^^ 

For  all  i  G  {0, . . .  ,77i}  such  that  yi  is  nontrapped  we  put 
i'  =  max{R{t)  :  7r,(r/,)  =  1}. 

Then  we  have 
(/)   ^/2/ii  ^  Vi^  is  ^^  P  (^^d  Vix  is  nontrapped  then   i\  <  ij; 
is)   if  Vii  <  2/«2  is  i^  P  (^'^(^  Vi,   is  nontrapped  then   i\  <  i^; 
{h)  ifvi^  —  {2/12}  and  yi^  is  nontrapped  then 

(/i2)   z/tTj  /  7r^'=  «/jen  7r_, (?/,,)  =  0,  j  e  {0,...,n}; 

(hs)   if  F(i)  =  Fiio)  then  i  =  I'o,  for  all  i  £  {0,...,m}   (i.e.,  tt^'j   25  a  place  only  at 
the  variable  yt^); 

(h,)  R{F(i,))  =  i;  +  l. 
Proof:    (=>)  Assume  that  P  has  an  injective  model  M.  Let    (7Q,...,an      be  the  nonempty,  dis- 
joint parts  of  the  Venn  diagram  defined  by  Myo, . . .  ,Myr„  in  the  universe  Mj/o  U  ...  U  Mym  U 

{Myo,...,Mym]- 
Let 

,     ,  /   1        if  0-,    C    Mx  r  11       •  r«  -I 

'^^(^)=lO     ifa,nM:r  =  0    '    ^°^^"   je{0,...,n}. 

Let  n  =  {ttq,  . . .  ,7rn}  and  put  tt^-   =  ttj  if  and  only  if  Mj/,   G  CTj,  i.e.    /"(z)  =  j  if  and  only  if 
Myi  G  CTj . 

Assume  that  :ro, . . .  ,7rj.  are  the  trapped  places,  yo,.. .  ,yh  are  the  trapped  variables  and  that 
Xq  is  the  place  at  0.  Suppose  also  that  ji  <  j^  implies  rank{(Tj^)  <  rank{aj^)  and  /i  <  i^ 
rank{Myi^)  <  rank{Myi^). 

Lemma  3.1.  For  0  <  j  <  k,  Oj  is  hereditarily  finite  and  rank{aj)  <  /j  +  1. 

Proof:    Since  tTj  is  trapped  by  Definition  3.3,  tt^  G  A^  for  some  bounded  A;  .    Clearly  A;  ^  0. 

Hence  by  Definition  3.2,  A,  — *  0.  This  means  that  there  is  a  chain 

(3.3)  A.  =  A,,  ^  A....  -...--A,„  =  Ao  =  0 

with  t>\  (see  Definition  3.1). 

Claim.  For  every  1  <  /  <  <  and  for  every  ■Kj  G  Ai, 

(3.4)  Tank(aj)  <l-{-\ 

Proof  of  the  Claiim:  We  proceed  by  induction  on  /.  If  /  =  1  and  ttj  G  A,,  we  have 

A.,  -  0   and    Ai.  j^  0. 
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By  Definition  3.1,  it  follows  that  the  literal  y,,   =  {Vo}  is  in  P.  Since  A/y,,   =  {Myo]  =  {0},  it 
follows  that  ao  =  {0}  so  that  rank{ao)  =  1  <  2. 

Assume  now  that  the  claim  is  true  for  every  !</'</  and  let  tT;   6  Ai,   -*  Ai,_,   .    We 
distinguish  the  following  subcases. 
Case  1).  2/„  =  {y.,.,}  is  in  P.  Since  My,,  =  {My„_,}  then  a^  -  Myi,  .  By  induction  hypothesis: 

rank{Myi,   J  =       max       rank{a,)  <  /  -  1  +  1  =  /  . 

Hence  ran/;((T^)  =  ranA:(Mj/,,_,)  +  1  </+ 1. 

Case  2).  Either  y,,  <  yi,_,  or  y„  <  ?/„_,  is  in  P.  It  follows  by  induction  hypothesis 

rank{aj)  <  rank{Myi,)  <  rank{My,,_^)  <  I  <  I  +  I. 

This  completes  the  proof  of  the  claim. 

Without  loss  of  generality  we  can  assume  that  in  (3.3)  all  the  A,,  are  pairwise  distinct  (since 
any  cycle  can  be  skipped).  Therefore  each  reduction  —>■  introduces  a  new  trapped  variable.  This 
means  that  the  length  t  of  (3.3)  is  at  most  h.  This  together  with  (3.4)  proves  Lemma  3.1.  • 

We  choose  ri , . . . ,  r^  in  such  a  way  that  for  k  <  ji ,  J2  <  n: 

r^-i  <  h  -  ^,    h  -  k  <  r^  ^  rank{uj^)  =  rank{(7j^) 

and  we  put  iZ(ji )  =  R{J2)  —  o.- 

Trivially  (fc),  [d)  and  (e)  are  true. 

Let  us  prove  that  also  (/)  holds.  If  y,,  <  t/.j  then  rank{Myi^)  <  rank{Myi^)  .  Now 
Myi  =  U  r  1-1  '^i  ^^'^  ^^y>2  —  U,  (  )=i  <^]-  If  <i  is  the  maximum  index  of  elements  of  A^^ 
=  {tTj  :  7r_,(2/,J  =  1}  then 

rank{Myi^)  =  rank{Oa). 

For  each  j  such  that  7rj(y,, )  =  1, 

rank{aj)  <  rank{Myi^)  <  rank{aa)- 

It  follows  that  for  every  ttj  6  A,,,  R(j)  <  R(a)  and  this  completes  the  proof  of  (/). 

Similarly  we  can  show  that  (g)  holds. 

Finally,  it  is  trivial  to  see  that  (i)  also  holds,  completing  the  proof  of  the  theorem  in  one 
direction. 

(«i=)  Conversely,  if  there  exist  Il,W^,...  ,Ti^,x  t-f  tt^,  Tq,  . . .  ,rj  such  that  conditions  (b)-{i)  hold, 
we  build  a  model  for  P  in  the  following  way:  let  7  be  an  integer  such  that 

7>       J2      (|7i7|)  +  n  +  m. 

TT  J  trapped 

For  k  <  j  <  n  let 

I,  =  {0,l,...,n,...,7  +  i?(j)}\{j}. 
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So 

|/_,|  =  7  +  R{j)  and  rank{Ij)  =  7  +  Rij)  +  1, 

and  for  each  j  we  have  rank{Ij)  =  rajih{lfi(^j)). 
For  k  <  j  <  n  put 

_  f  {A/j/,  :  F(i)  =  j}  if  there   is   y.-  =  {j/,}  in  P  and  F{i)  =  j 

^      '  ^  ~  I  {/,}  U  {My,  :  F(i)  =  j]     otherwise. 

Notice  that,  by  condition  (/is),  (3.5)  is  independent  of  the  literal  j/i-  =  {j/i}. 
The  following  lemma  can  be  proved  much  in  the  same  way  of  Lemma  3.1. 

Lemma  3.2.  For  0  <  j  <  k,  a^  is  hereditarily  finite  and  rank{(Tj)  <  h  +  I. 

Lemma  3.3.  rank(aj)  =  rankilr^^^^)  +  1,  k  <  j  <  n. 

Proof:  We  proceed  by  induction  on  j.  If  j  =  A;  +  1  then  since  TTjt+i  is  nontrapped  it  cannot  be  the 

case  that  {ttj}  =  A;  for  some  literal  y,  =  {2/:'}  in  P.  Hence 

(7i  +  i  ={h+,}U{My,:F(i)  =  k  +  l}. 

Now,  if  My,  G  <Tk  +  i  it  follows  by  Lemma  3.2  that  rank{My,)  <h  +  l<-y+l  —  rank{Ii,  +  i). 
Therefore  rank{ak+\)  —  rank(Ik+i)  +  1  =  '''ank{Ifi(k+i))- 

Inductive  step:    case  a)  Cj    =    {A/?/,}.     By  condition  (/i4)  rank{aj)   =   rank{My,)  +  1   = 
Tank{ot)  +  1  for  some  t  such  that  7r,(?/, )  =  1  and  ?'*  =  R{t),  and 

R{j)  =  Rit)  +  1  =  r  +  1 

Since  y,  is  not  trapped  then  ttj  is  not  trapped  and  by  induction  hypothesis  rank{aj)  —  rank{at)-\- 

Case  b).  a_,  =  {/_,}  U  {My,  :  F(i)  =  j).  Now  if  My,  €  a,  and  ay  C  My,  then  by  (e) 

•      RiJ')  <  R{F{i))  =  R{j) 

So  rank{My,)  <  rank(Ir^  )  thus  rank(aj)  —  rank{Ij)  +  1  =  ranfc(/rpj^i)  +  1  completing  the 
proof  of  Lemma  3.3.  • 

Lemma  3.4.  If  s  <  k  and  s  <  j  then  a,  fl  Oj  =  0. 

Proof:  \i  2  <k  then  a,  HCTj  =  0  by  condition  (ii)  of  Theorem  3.1.  \i  j  >  k  then  Oj  —  {/j}  U  {Myi  : 
F{i)  =  j].  Ij  ^  a,  by  Lemma  3.2.  Similarly  if  y,  is  not  trapped  then  A/y,  ^  a,  by  Lemmas  3.2  and 
3.3.  Moreover  if  y,  is  trapped  and  F{i)  =  j  then  by  condition  (6)  Myi  ^  a,  since  s  :^  j  =  F{t). 
Consequently,  a,  H  Uj  =  0.  Lemma  3.4  is  thus  proved.  • 

Lemma  3.5.  If  k  <  s  <  jthena,  H  Oj  =  0. 
Proof:  We  proceed  by  induction  on  s. 

Base  Case:  If  5  =  A:  +  1  then  (7j.  +  i  =  {/jt  +  i}  U  {Myi  :  F{i)  =  k  +  1}  where  by  condition  (e)  all 
the  yi  such  that  F(i)  —  k  +  l  are  trapped.  So  if  <7j  =  {Af  y,-}  with  F{i')  =  j  then  Myi'  /  Myi  since 


My,'  is  not  trapped.  Moreover  Mj/;.  7^  7^  +  1  because  \h+i\  =  7  +  R(^^  +  1)  whereas  \Myi'\  <  7. 
Thus  if  cTj  =  {My,'}  then  at+i  n  cTj  =  0.  U  ctj  =  {7,}U  {A/j/,-  :  F(i')  =  j},  obviously  Ij  /  /t+i. 
If  F(i)  =  5  =  it  +  1  and  F(2')  =  j  we  know  that  j/,-  must  be  trapped.  If  y,'  is  also  trapped  then 
by  condition  (ii)  of  the  theorem  My,  /  My,-.  On  the  other  hand  if  j/,-  is  not  trapped  then  by 
Lemmas  3.2  and  3.3  My,  /  My,'.  This  shows  that  a^+i  n  <t_,  =  0  for  every  j  >  A:  +  1. 

Inductive  step.  Assume  that  the  assertion  is  true  for  every  k  <  sq  <  s  and  let  j  >  s.  Since 

a,  =  {I,}u{My,:Fii)  =  s} 
^^'^^  aj  =  {I,}U{My,,:F{t')  =  j} 

it  is  sufficient  to  show  that  the  right-hand  side  members  in  (3.6)  are  disjoint.  Indeed,  7,  /  7,  and 
7,  /  My,  by  Lemmas  3.2  and  3.3.  Finally  if  F{i)  =  s,F{i')  =  j  then  clearly  if  5  /  j.  My,  #  My,.. 
In  fact  we  have  the  following  two  cases. 

Case  a).  If  there  there  exists  ttj,  such  that  7rj(yi)  =  1  and  7ri(y,')  =  0  then  a^  C  A7y,  whereas 
by  induction  hypothesis  and  by  Lemma  3.4  at,  D  Myi'  =  0  yielding  Myi  7^  Myi'. 

Case  b).  If  7rj(y, )  =  1  — ►  7ri,(y,')  =  1  then  A7y,  C  Myi'.  On  the  other  hand  there  must 
exist  6'  such  that  7ri,'(y,')  =  1  and  ^^(yi)  =  0  otherwise  i  =  i'  and  so  F{i)  =  F(i').  Hence  by 
induction  hypothesis  CTj  H  a^  =0  for  every  b  such  that  7ri(y,)  =  1  showing  Myi  ^  My,'  since 
at'  C  A7y,'  \  My,.  This  completes  the  proof  of  Lemma  3.5. 

By  Theorem  2.1  we  can  affirm  that  M  is  also  an  injective  model  for  the  literals  of  type  (2.2) 
with  occurrences  of  nontrapped  variables.  Also  y,  <  y,'  is  in  P  with  yi  trapped  and  yi-  nontrapped, 
then 

My,  <  My,'  because  rank(My,)  <  h  and  rank{Myi')  >  7. 

If  yi,yi'  are  both  nontrapped  then  rank{Myi)  <  rank{Myi')  by  condition  (/).  Therefore  M  is 
a  model  of  all  the  literals  of  type  <.  Literals  of  type  y^  <  y,-  are  handled  in  a  similar  way  by 
making  use  of  condition  (g).  Finally  if  y,  =  {yi')  is  in  P  and  y,'  is  not  trapped  then,  by  (i), 
Myi'  —  <7f  (,/)  =  {Myi},  proving  that  M  is  indeed  a  model  of  P  and  in  turn  concluding  the  proof 
of  the  theorem.  • 

4.  MLS  EXTENDED  BY  THE  SET  OF  PREDECESSOR  OPERATOR. 

Consider  the  theory  MLSPR<  which  extends  MLS  by  adding  to  the  atoms  of  type  (2.1)  the 
following: 

(4.1)  X  =  pred^iy). 

where  pred^{y)  —  {z  :  rank(z)  <  rank{y)}. 

As  in  [FOB]  decidability  of  MLSPR<  is  equivalent  to  checking  injective  satisfiability  of  any 
conjunction  P  of  literals  of  type  (2.2)  and  (4.1).  The  following  theorem  establishes  the  decidability 
of  MLSPR<. 


Theorem  4.1.  Let  P  be  a  conjunction  of  literals  of  type  (2.2)  and  (4.1)  and  let  V  be  the  set  of 
all  variables  in    P.  Then    P  is  satisfiable  if  and  only  if  there  exist: 

(j)  a  set    n  =  {tti,  . . .  ,7rn}  of  pair  wise  distinct  places.  Let  V  =  {2/1 , . . . ,  t/m}  be  the  set 

of  all  variables  in  P. 
(ii)  a  mapping  yi  >—>  tt^'  . 

For  simplicity  we  introduce  the  function 

F:{l,2,...,m}  ^  {1,2, . . . ,  n), 

tt"'  =  TTj  if  and  only  if  F{i)  =  j. 

(iii)  a  sequence  of  integers,     0   =   ro    <    ri    <    . . .   <    rjt    =    n,       and  a  function  R   : 
{l,2,...,n}  -»  {1,2,...,A;}  such  that: 
(a)  rfi(j)_i  <  j  <  rn^j),     I  <  j  <  n; 
(6)  T^Ffi)  =  ^^'  2^  o  place  at  y,,     1  <  i  <  m; 

(c)  ifnjiyi)  =  1  </jen  rfi(_,)  <  r/}(j.(,)); 

(d)  i/y,,  =  pred<(j/,j)    is    m     P  then  if  we  put 

i'  =  max{i2(j)  :  7rj(t/,j)  =  1}    for    every    1  <  t'l  <  m,    then 
(di)  T^jiyi,)  -  1  if  and  only  if  j  <  r;. 

(^2)   ifys  is  such  that  s*  <  i\  then  F{s)  <  r^ ,  i.e.  i/tt"'  =  ttj  then  j  <  r,-  . 
Proof:  (=^)  Assume  that  P  has  an  injective  model  M.  Let  {yi, ...  ,ym}  be  the  set  of  all  variables 
in  P.  Let  cti,  . . .  ,a„  be  the  nonempty,  disjoint  parts  of  the  Venn  diagram  defined  by  Mj/i, . . .  ,Mym 
in  the  universe 

Myi  U...UMy^  U  {J\/yi, . . .  ,My„}. 

Let 

f  1       if  (Tj  C  Ma: 
^;(2-)  -  \q       ifCT,-  nMx  =  0    ' 

n  =  {tti,  . . .  ,7r„}  and  F{i)  =  j  *-*  My^  G  Uj.  Then,  by  [FOS],  IT  is  a  set  of  places  of  P  satisfying 
Mx  =  U,r  (j.)=i  CTj  ■  Without  loss  of  generality  we  can  suppose  that  if  ji  <  j^  then  rank{aj^)  < 
rank{Oj^).  So  we  choose  ri,...,rjt  in  such  a  way  that:  for  all  j\,J2,i'h-\  <  Ji,J2  <  ^h  <-> 
rank(aj^)  =  rank(aj^)  and  in  this  case  we  put:  R{ji)  =  RiJ2)  —  h-  Trivially  (a),  (6)  and  (c) 
are  true.  To  see  that  {d)  also  holds  assume  that  y,,  =  pred^{y,^)  is  in  P.  Then,  since  Afj/,,  = 
pred^(Myi^)  we  have 

■Kj{yi^ )  =  1  «-»  (7_,  C  My,j  <-►  rank{(Tj)  <  rank(Myi^)  *-^  j  <  r^- . 

Moreover  if  y,  is  such  that  s'  <  ij  then 

rank{My,)  <  rank{Myi,)  —  My,  G  My,,  —  CTj.,,,  C  My,^  -^  F(s)  <  r,- . 

(<=)  Conversely,  assume  that  II,  F,  ri,...,rk  and  R  exist  in  such  a  way  that  (a)-(rf)  are 
verified.  Let  Lj  =  {2?"i?(j),  j}.  So  we  have  rank{Lj)  =  2r^(j)  +  1.  Following  the  increasing  order  of 
Indices  put 

a,  =  {Lj}  U  {My,  :  F(/)  =  j},    j  ji  r,,    l<h<k 
^''■^^  a.,  =pred^i{Lr,})\(l  \J  a,]  U  {My,  :  s'  <  hU 
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and  My,  =  U,^(y.)=i  <t,. 

Lemma  4.1.  rank{aj)  =  rank(Ij)  +1,  I  <  j  <  n. 

Proof:  We  proceed  by  induction  on  j. 

Base  case:  a^  -  {/i}  U  {My,  :  F{s)  =  1}.  By  (c)  ii  F{s)  =  1  i.e.  n''-  -  Xj  then  7rj(j/,)  =  0 

for  aU  j.  Thus 

_l'{/i)u{0)     if      F(s)  =  1    for  somes 


I  {/i }  otherwise 

In  any  case  rank(ai)  =  rank{Ii)  +  1. 

Induction  step:   Suppose  that  tlie  assertion  is  true  for  any  a',  with  j'  <  j  and  let  us  show 
that  it  holds  for  a^ . 

Case  a)  j  =  r^  for  some  h.  So 

CT,  =  pred({I,})\{{\J  a,)U  {My,  :  s-  <  h]) 

First  we  show  that: 

(4.3)  /,  ^[ja,. 

t<j 

Indeed  let  t  <  j  and  consider  two  cases. 

Case  Ci.  R{t)  <  h.  In  this  case  by  induction  hypothesis 

rank{a,)  =  rank{It)  +  I  —  'Ir^^^^  +  2  <  2Th  +  1. 

In  fact,  r^,,,  +  1  <  r^,  so  rfl^,_,  +  2  <  2rh  <  2rh  +  1.    But  rank{Ij)  =  2rh  +  1,  thus  rank{a,)  < 
rank{Ij).  So  /,  ^  ct,. 

Case  02.  R(t)  =  h.  In  this  case  t  is  not  of  type  rt,,  I  <  b  <  h.  So 

a,  =  {I,}u{My,  ■.F(s)  =  t] 

Since  t  <  j,  /,  ^  If  Moreover  rank{My,}  =  rank  (Uj^,y,)=i  (^a)-  Furthermore 

^aiy,)  =  1  ^  a  <  F(s)  =  t<j. 

By  (c)  it  follows  that  r^(a)  <  ^^(o  =  j-  By  induction  hypothesis 

Tank{(Ja)  =  rank{Ia)  +  1  =  ^rj^^)  +  2  <  2rft  +  1- 

It  follows  hence 

rank{My,)  <  2rh  +  1,    whereas    rank(Ir^)  =  2rt,  +  1. 

Therefore  Ij  ^  Myt  and  /_,  ^  a,.  This  completes  the  proof  of  (4.3). 
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Let  us  now  prove 
(4.4)  /;  ^  {My,  :  s*  <  h). 

By  the  argument  of  (Case  02)  and  by  induction  hypothesis 

rank{My,)  =  rank{ar,. )  <  rank{ar,. )  +  1  <  rank(ar^)  +  1. 
Therefore  if  s*  <  h,  My,  /  /,.  (4.3)  and  (4.4)  show  that 


So  we  can  conclude 

rank{aj)  =  rank{Ij)  +  1 

Case  b).  ;  /  r^,  1  <  /i  <  k.  In  this  case  ctj  =  {7^}  U  {My,  :  F{s)  =  j].  On  the  other 
hand,  if  F{s)  =  j  then  by  (c)  T^tiy,)  =  1  ^  rj^t)  <  '•r(j),  yielding  2rR(i,)  +  2  <  2r;},_,)  +  1. 
Therefore  if  F{s)  =  j  and  Trh{y,)  =  1,  rankiirt,)  =  2rfnt,)  +  2  <  rank{Ii)  and  consequently 
rank{My,)  <  rank(Ij)  which  shows  that  even  in  this  case  rank(aj)  =  rank(Ij)  +  1.  Thus,  the 
proof  of  Lemma  4.1  is  completed.  • 

Lemma  4.2.  (Tj,  n  ct^^  =0  whenever  ji  <  J2. 

Proof:    If  jo  =  Th  for  some  I  <  h  <  n,  then  by  (4.2)  the  lemma  holds.    So  we  can  assume  that 

J2  ^  fhi  ^  ^  h  <  k  and 

(4.5)  a,,^{I,,}U{My,:F{s)  =  h}. 

We  proceed  by  induction  on  ji . 
Base  case:   Let  us  show  that  Oi  D  (Jj^  =  0  if  J2  >  1-   By  the  argument  used  in  the  proof  of  the 

preceding  lemma 

_   f  {/i }  U  {0}     if  F{s)  =  1  for  some  1  <  5  <  m 
^       I  {A }  otherwise  . 

Now  /i  ^  Ij^  and  /i  ^  My,  since  /i  has  odd  rank,  whereas,  by  the  preceding  lemma,  My, 
has  even  rank.  It  follows  by  (4.-5)  that  /j  ^  ctj^.  On  the  other  hand  if  F{s)  -  1  then  0  0  ctjj. 
Consequently  CTj  fl  ct^^  =  0. 

Inductive  step):  Assume  that  the  lemma  holds  for  \  <  j'  <  j\  and  let  us  show  that  aj^  ncr^^  =  0 
whenever  ji  <  j^. 

Case  1).  ii  7^  ^h,  1  <  /i  <  A;.  Then 

<^u  ={/;,}u{Mt/,  :F(6)  =  ii} 
a,,  =  {/,JU{M2/,,  :F(5')  =  j2} 

We  have:  /,,  /  /j^;  Ij^ilji  7^  My,,  My,'  for  every  s,s',  since  the  /,'s  have  odd  ranks  whereas 
My,'s  have  even  rank  for  every  s.  Therefore  to  show  disjointness  it  is  sufficient  to  prove  that 

My,  /  My,,    if    F{s)  =  j,    and    Fis')  =  j.. 
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Indeed  by  the  induction  hypothesis  and  by  (c) 

ot,  ncr,,  =  0 
for  every  ii  such  that  ■Kt,{y,)  =  1,  ^2  /  ^-  It  follows  that: 

My,  =       \j      a,i^  My,,  =        U       a,,. 

T,(y,)=l  f|'(y.')=l 

Since  F(5)  /  F(s'),  then  5  ^  s'  and  y,  /  y,.,  implying  My,  /  My,'.  This  completes  the  proof  of 
disjointness  in  case  1). 

Case  2)  j'l  =  r^  for  some  \  <  h  <k. 

a„  =  a.,  =  pred<({/.J)  \  {\J  o,^  {My,  :  s'  <  h]\ 

Since  rant(/j  J  >  ranirC /^  J  then  7,^  ^  ct^,  .  Moreover  My,-  e  <7_y,  implies  that  either  ran/:( A/ y,-)  >| 
Tank(Ir^  )  and  so  My,,  ^  ct^^  or  rank{My,,)  <  rank{Ir^)  and  so  5'*  <  h  which  by  (3.2)  implies 
My,'  ^  CTr^ .  Lemma  2  is  then  completely  proved.  • 

From  Theorem  2.1  it  follows  that  M  is  a  model  for  all  the  terms  of  type  (2.2)  in  P.  Moreover 
assume  that  y,,  =  pred^(j/,, )  is  in  P.  Let  z  £  pred<(M?/,J  then  rank{z)  <  rank{Myi^)  = 
rank{ar.)   =   rank{Ir  .)  +  1.     It  follows  that  z   6   pred^({/r^. }).     By  condition  [di)  we  have 

""r..  (y.,)  =  1  s-iid  then 

3 

pred<({7..  })\(   U    a,U{My,:s'<i'^])CMy,,. 


(<r,. 


This  implies  that  if  z  ^  (U,<r  .  <^tU  {My,   :  s'   <  i'^})  then  z  G  Afy^,.    On  the  other  hand  if 

'2 
2  G  Ut<r  .  <^i  then  5  G  a^  for  some  <'  <  r^..  It  follows  that  by  condition  {di )  we  get 
'3 

T('(yiJ  =  l    giving   cr,'  C  My,,    and    z  e  Myi^. 

Finally,  if  2  G  {My,  :  s'  <  ij}  then  z  =  My,  for  some  s  such  that  s*  <  Zj.  By  (£^2)  we  have 
F{s)<  r..  andby(di) 

2  =  My,  G  crf(,)  C  Myj,. 

Thus  we  have  showed  that  pred<(Mt/,j)  C  My,,.  Conversely,  let  z  £  Myi^.  Then  2  G  cr,  for 
some  i  <t  <  n  and  T^tiyi,)  =  1-  By  (di)  /  <  r,-,  yielding  ran/c(2)  <  rank{a,)  <  rank{{Ir^.}) 
=  rank{Myi^).  Therefore  My,^  C  pred<  (My,  J.  This  shows  that  My,^  =  pred< (My;  J  and  the 
proof  of  the  theorem  affirming  the  decidability  of  MLSPR<  is  complete. 
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5.  FINITE  SATISFIABILITY  OF  FORMULAS  INVOLVING  RESTRICTED  QUAN- 
TIFIERS AND  THE  RANK  OPERATOR. 

A  prenex  formula  QiQ  2  ...  <5„  pis  called  simp/e  if  fori  =  1,2,..  .,n  either  every  Qi  is  (3y,  G  •?,) 
or  every  Qi  is  (Vy,  G  2,),  and  no  Zj  is  a  y,  for  any  i,j  =  l,2,...,n  (cf.  [BEOS]).  Let  T  be  the 
quantifier-free  theory  in  the  language  0,  =,  G,  rk  (where  rk  is  a  function  symbol  which  maps 
sets  into  their  rank).  The  following  theorem  contains  an  implicit  algorithm  for  deciding  finite 
satisfiability  of  the  propositional  closure  of  the  class  of  simple  formulas  over  matrices  belonging  to 
the  theory  T. 

Theorem  5.1.  Let  F  be  a  conjunction  of  simple  prenex  formulas  of  the  theory  T,  and  let  V  = 
{j/i,. . . ,  j/m}  be  the  set  of  free  variables  occurring  in  P.  Without  loss  of  generality  we  can  assume 
that  existential  quantifiers  are  not  present  in  P  since  they  can  be  eliminated  by  introducing  a  new 
variable  for  each  existentially  quantified  variable.  Let  U  6e  a  set  of  variables  disjoint  from  V  and 
such  that: 

\U\  <m-  +6m+  |V„  +  i|, 

where  V^  is  the  collection  of  all  sets  having  rank  less  than  m.  Put  Vq  =  ^  U  {0}  and  let  P'  be  the 
formula  resulting  from  P  by  replacing  each  formula  (Vx  G  z)p  by  the  set  of  formulas 

{{xez^p)l:weUUVo}] 

until  all  the  univeral  quantifiers  are  eliminated.  Then  P  is  injectively  satisfiable  if  and  only  if  there 
exist 

(1)  a  function    '  :  V  — ►  f /^  U  Vo  (predecessor); 

(2)  a  function   "   :  U  i^Vo  ->  U  \JVo  (rank); 

(3)  a  set  Q  of  membership  relations  such  that  for  all  x  and  y  in  U  U  Vq  either  x  £  y  or 
X  ^  y  occurs  in  Q; 

(4)  a  disjunct  P"  of  a  disjunctive  normal  form  ofY'  such  that: 

(a)  P"  A  Q  does  not  contain  any  explicit  contradiction  of  the  form  A  A  -'A,  where 
P"  denotes  the  formula  obtained  by  recursively  substituting  each  term  rk(^x)  by 
X,  until  all  terms  rk{x)  are  eliminated; 

(6)  Q  does  not  contain  any  cycle  of  memberships  Xq  £  Xi  G  • . .  G  Xq; 

(c)  if  X  E.  y  is  in  Q  then  "x  £.y  is  in  Q; 

(d)  if  X  E  y  is  in  Q  then  x  =  x; 

(e)  if  y  is  in  V  then  y'  £  y  is  in  Q.  Moreover  if  x  E  y  is  in  Q  then  either  x  £  y'  or 
X  =  y'; 

(/)  X  ^  9_is  in  Q  for  all  x  in  U  UVq; 

(g)  0  =  0  is  inQ; 

(h)  for  all  X,  y  in  U  l)  Vo  such  that  x  ^  y ,  either  x  £  y  or  y  £  x  is  in  Q. 


t  By  0^''    '"^"^  we  denote  the  result  of  simultaneously  substituting  in  (t>  all  free  occurrences  of 
Xj , . . . ,  x„  with  the  terms  Wi,. . .  ,Wn 
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Given  x  in  U  L)  Vq,  we  say  that  x  is  trapped  if  and  only  if  either  x  =  <lor  x  =  z 
for  some  trapped  z,  or  x  is  trapped,  or  x  is  in  V  and  x'  is  trapped.   Then 

(j'l)   \{x  in  U  UVq  :  X  is  Jiontrapped}\  <  m'  +  6m; 

(in)  if  we  define  a  partial  assignment  M'  over  the  trapped  variables,  by  recursively 
putting  M*0  =  0  and 

M'x  =  {M'y  :  {y  is  in  U  U  Vq)  A  (y  is  trapped)  A  (y  e  x  is  in  Q)} 

then 

M'x  =  rk{M' x)    for  all  trapped  x\ 

(is)  for  every  pair  x,y  in  the  set  S  =  V  U  {x  :  x  is  trapped}   U  {x  :  x  is  in    U  U  Vq], 

if  X,  y  are  distinct  then  there  exists  z  in  U  U  Vq  such  that  exactly  one  of  the  two 

literals  z  £  x,    z  E  y    is  in  Q. 

Proof:   Assume  first  that  P  is  finitely  satisfiable  and  let  M  be  a  model  of  P.  Since  Mx  is  finite 

for  aU  X  in  F,  we  can  define  the  map  '  as  follows:  let  a;  be  in  V  and  let  s^  be  any  element  of  Mx 

such  that  rank(Sj:)  +  1  =  rank(Mx).  Then,  if  5^  =  My  for  some  y  for  which  M  is  defined,  we  put 

x'  =  y  otherwise  we  pick  up  a  new  variable  Zj.  and  put  x'  =  z^  and  Mz^  —  s^.  Let  IJ\  be  the  set 

of  the  new  variables  z  introduced  in  the  preceding  step.  Clearly  \lJ\\<m. 

Next  we  partition  the  variables  in  Vq  U  f^i  according  to  the  rank  of  their  model.    For  each 

class  C  of  variables  in  the  partition  we  do  the  following:    let  x  be  any  variable  in  C;   then  if 

Tank{Mx)  —  My  for  some  y  for  which  M  is  defined,  we  put  x  =  y  and  also  ~  =  y  for  all  2  G  C, 

otherwise  we  introduce  a  new  variable  z,.  and  put  Mzj.  =  rank{Mx),  I7  s  z^,  J  =  2^  for  all  z  in 

C.  Let  U2  be  the  set  of  variables  introduced  during  the  preceding  step.  Trivially  IC/2I  <  2m.   We 

also  put 

Qi  =  {{x  e  y)  :  x,y  are  in  Vq  U  U^  U  U2  and  Mx  €  My)U 

{{x  ^  y)  :  x,y  are  in  Vq  U  Ui  U  Uo  and  Mx  ^  My}. 

Using  much  the  same  definition  given  before  condition  (i)  of  the  theorem  (but  with  respect 
to  Vo  U  Ui  U  U2  in  place  of  Vq  U  ^  and  the  set  of  membership  relations  Qi  in  place  of  Q),  we  can 
define  the  notion  of  trapped  variables.  Let  £0  be  the  maximum  length  of  any  chain  of  membership 
relation  in  Qi  of  trapped  variables.  Then 

(5.1)  io  <  m. 

Indeed,  by  inducting  on  the  length  of  the  derivations  needed  to  prove  the  trappedness  of 
variables,  it  is  easy  to  see  that  for  each  trapped  variable  x  there  is  a  variable  z^  in  Vo  such  that  x  = 
17.  Therefore,  li  Xq  E  x^  £  . . .  £  Xr  is  any  chain  of  memberships  of  trapped  variables,  then  there 

must  exist  2/,„,  t/i, , . . .  ,2/i,  in  Vq  such  that  rank{Myi^)  e  rank{Myi^_^,J  for  all  j  =  0,1 r  -  1. 

Hence  r  <  m,  which  proves  (5.1). 

Let  TRANS  be  the  transitive  closure  of  the  set  {Mx  :  i  is  in  Vq  U  ?7i  U  U2  and  x  is  trapped). 
Notice  that  if  5  G  TRANS  then  rank{s)  €  TRANS.  Notice  also  that  since  4  <  m  then  TRANS  C 
V„+i  and  consequently  |TRANS|  <  |V„+i  ].  Now,  for  each  set  s  6  TRANS  \{Mx  :  x  G  VUU1UU2} 
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introduce  a  new  variable  z,  and  extend  M  by  putting  Mz,  =  s.  Let  U3  be  the  set  of  all  new  variables 
introduced  at  this  step;  clearly  If/a]  <  |V„,  +  i|.  In  addition,  we  extend  the  map  ~  to  f/3  by  putting 
X  =  z  where  Mz  —  rank{Mx). 

For  each  pair  of  distinct  x,  y  in  Vo  such  that  the  set  (Mx  \  My)  U  (My  \  Mx)  does  not  contain 
any  element  of  type  Mz,  we  choose  an  element  5r,y  in  [Mx  \  My)  U  (My  \  Mx),  introduce  a  new 
variable  z^^y  and  define  Mzx^y  =  s^y.  Also,  li rank{Sj:^y)  =  rank{Mz),  for  some  z,  we  put  "z^  =  J 
otherwise  we  introduce  a  new  variable  Zr  and  put  J^  =  z^  =  z^  Let  f/4  be  the  set  of  the  new 
variables  introduced.  Trivially  |i74|  <  2('"+^)  =  m^  +  m. 

Finally,  for  each  variable  x  in  V  such  that  Mx  is  not  an  ordinal,  we  distinguish  the  following 
two  cases  according  to  whether  Mx  contains  nonordinal  elements  or  not.  In  the  first  case,  we 
pick  a  nonordinal  element  of  Mx,  say  s.  We  introduce  a  new  variable  z^  and  put  Mz^  =  s. 
In  addition,  if  rank{M z^)  is  not  already  present,  we  introduce  another  new  variable  z^  and  put 
Mzr  =  rank{Mzx)  and  extend  ~  by  putting  17  =  17  =  2^,  otherwise  we  put  Y^  =  z,  where 
rank{Mzr)  =  Mz. 

In  the  second  case,  i.e.  if  Mx  is  a  set  of  ordinals,  Mx  cannot  be  transitive  for  it  would  be  an 
ordinal  itself,  so  we  can  pick  two  sets  Si  and  53  such  that  S2  G  5i  €  Mx  and  Sj  ^  Mx.  Again,  if  it 
is  the  case  we  introduce  new  variables  for  Si,S2  a-nd  their  ranks  extending  the  map  "accordingly. 
Let  U5  be  the  set  of  new  variables  introduced  in  the  above  step.  Clearly  l^/sl  <  2m. 

Finally  we  put  {/  =  U,=i  Ui.  We  plainly  have 

5 
|C/|  =  lU  U,\  <  m- +  6m  +  |V„  +  i|. 
1=1 

Now  define 

Q  =  {{x  ey):x,y  eU  Li  Vo,Mx  e  My}  U  {{x  ^  y)  :  x,y  e  U  Li  Vo,Mx  ^  My} 

Clearly  condition  (3)  is  satisfied. 

Let  P'  be  the  formula  resulting  from  P  after  eliminating  quantifiers  from  it  in  the  way  described 
in  the  statement  of  the  theorem.  Obviously  AI  is  also  a  model  of  P'.  So  let  P"  be  a  disjunct  of  a 
disjunctive  normal  form  of  P'  which  is  satisfied  by  M. 

The  way  in  which  the  original  model  M  has  been  extended  assures  that  conditions  (a)-(i)  are 
all  satisfied,  thus  establishing  the  theorem  in  one  direction. 

Conversely,  assume  that  the  set  U,  the  functions  ',~,  the  set  Q  and  a  conjunction  P"  can  be 
found  as  in  (l)-(4)  and  such  that  all  conditions  (a)-(i)  are  satisfied.  We  can  also  assume,  without 
loss  of  generality,  that  there  are  nontrapped  variables.  Indeed,  if  all  variables  were  trapped,  then 
by  (12)  M'  would  be  a  model  of  P.  So,  let  w  be  an  G-minimal  nontrapped  variable  such  that  w  =  w. 
Let  0  G  a^i  6  . . .  G  Xt  be  a  longest  chain  of  trapped  variables.  Observe  that  k  <  m.  Indeed,  by 
reasoning  as  in  the  proof  of  Lemma  1,  for  each  trapped  variable  x  there  exists  a  variable  Zj.  in  Vq 
such  that  T  =  27.  Thus,  in  correspondence  of  i) , . . . ,  x^  we  can  find  j/^, , . . . ,  j/,^  in  Vq  such  that 
yij=  ^1  for  all  j  =  l,...,k.  But  since  Xj  G  a^j+i,  then  xj  e  ^T+T?  i-^-i  fj  ^  Vj+T^  J  -  l,---,^'  -  1- 
Therefore  from  (h)  we  deduce  that  the  variables  y,  must  be  pairwise  distinct,  thus  showing  that 
k  <  m. 
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Let  w  be  an  G-minimal  nontrapped  variable  such  that  w  =  w  and  let  Zi  ,2^21  •  •  •  i-^m  +  e-t  be 
newly  introduced  variables.  Add  to  Q  the  sets  of  relations: 

m  +  6-k 

U    Ql 

«=i 

{z,  £  Zj  :    i  <  j,  i,j  =  l,...,m  +  6  -  k} 
{z,  ^  Zj  :    i>  j,  i,j  ^  l,...,m  +  6-  k] 

Also  extend  ~  to  2i,Z2,..  .,2m  +  6-t  by  putting  J,  =  Zi  for  all  i  =  1, . . .  ,m  +  6  -  k.  Let  W  = 
U  UVqU  {zi,Z2,.. .  ,Zm+6-k]-  It  is  immediate  to  verify  that  after  the  insertions  of  variables  z  and 
the  consequent  update  of  ~  and  Q,  conditions  (a)-(i)  of  the  theorem  still  hold. 

Definition  5.1.  A  variable  x  in  W  is  said  to  be  an  ordinal  variable  iiT  =  x. 

Given  an  ordinal  variable  x,  we  denote  by  height{x)  the  length  of  a  longest  chain  of  memberships 

<!s  e  xi  £  X2  e  ■■■  e  X,  =  X. 

For  each  variable  z  in  W,  we  put 

prk{z)  =  height{J)  (pseudorank). 

Let  5i,S2<-  ■  •  i-Sm=+6m  be  pairwise  distinct  elements  of  Vm+7  \  {Vm  +  i}-  For  each  h  >  m  +  7 
and  j  =  1,. . .  ,m-  +  6m  we  put 

ih.:  ={V,_2}U(V,_2\{5;}), 

and  call  the  sets  i^j  individuals.  Clearly,  rank(i(,  j)  =  h  —  1. 

From  (a)  and  (6),  we  can  define  the  model  M  by  induction  on  the  pseudorank  of  the  variables. 
We  put  M0  =  0.  Next,  assume  that  M  has  been  defined  for  all  variables  y  such  that  prk{y)  <  k. 
Let  Ui^Uo,-  ■  ■  ,uc^  be  all  variables  having  pseudorank  equal  to  A;.  If  fc  <  m  +  7,  we  put 

(5.2.1)  Muj  ^  {My:  ye  Uj  ism  Q),    ;  =  1,2,...,4 

On  the  other  hand,  if  k  >  m  +  7,  we  can  assume  without  loss  of  generality  that  Ui  =  Ui  and  that 
U2 , .  ■  • ,  Urt  are  in  V,  whereas  Ur^  + 1 , . . . ,  u^^  are  not  in  V.  Then  we  put 

(5.2.2)  M-.  =  {\u''-'V''''"Vinr    ^    ^'  =  '^^--''% 

■'        \,  {My -.y  €  Uj  IS  m  Q}U  {tkj}     li  i  =  r^+i,. . .  Jk 

We  will  prove  that  M  is  an  injective  model  of  P  by  showing  that 

•  M  is  injective; 

•  M  is  a  model  for  P"; 

•  M  is  a  model  for  P"; 

•  M  is  a  model  for  P' . 

We  have  the  following  elementary  lemma. 

15 


Lemma  5.1.  For  all  variables  x  in  W  and  individuals  i,,  j,  \Mx\  <  \ih,j\  ■ 
Proof.  Indeed 

\Mx\  <  \W\  +  1  <  iV,n+i|  +  m2  +  7m  +  7  <  |V^  +  2|  <  |Vh_2|  =  |u,;| 


The  preceding  lemma  implies  easily  the  injectivity  of  M. 
Lemma  5.2.  M  is  injective. 

Proof.  Assume  by  contradiction  that  M  is  not  injective.  Let  ii  be  a  variable  in  W  of  lowest 
pseudorank  such  that  Mxi  =  Mx-,  for  some  Xj  distinct  from  x^.  In  view  of  (5.2),  we  can  write 

Mil  -  {My  :  y  e  xi  is  in  Q}  U  h, 
Mx2  =  {My  :  2/  G  X2  is  in  Q}  U  7^,, 

where  /r,  (resp.  I^:,)  is  empty  or  is  the  singleton  of  the  individual  associated  with  x^  (resp.  X2). 
Since  ij  ^  X2,  then  7^,  n  7^,  =  0.  Thus  by  the  preceding  lemma  7;,,  =  7^,  =  0.  This  implies  that 
Xi  and  X2  are  in  V  U  {x  :  2:  is  trapped}  U  {x  :  x  is  in  W}.  Therefore,  by  (13)  there  exists  z  in  W 
such  that  z  e  Xi  is  in  Q  if  and  only  if  2  G  X2  is  not  in  Q.  Assume  without  loss  of  generality  that 
2  e  xi  is  in  Q  and  that  2  G  Xj  is  not  in  Q.  Since  Mz  G  Mxi  =  Mx2,  it  follows  that  there  exists 
a  variable  z'  ^  z  such  that  z'  G  X2  is  in  Q  and  M z'  -  Mz.  But  this  contradicts  the  minimality  of 
the  pseudorank  of  Xi ,  thus  proving  the  lemma.  • 

Lemma  5.3.  M  is  a  model  for  P". 

Proof:  If  the  literal  x  e  y  occurs  in  P",  then  by  (a)  and  (3)  x  G  j/  is  also  in  Q.  Thus  by  (5.2) 
Mx  G  My.  On  the  other  hand,  if  x  ^  y  is  in  P",  by  reasoning  as  in  the  preceding  case  it  follows 
that  x  ^  y  is  m  Q.  Therefore  the  preceding  two  lemmas  imply  that  Mx  ^  My.  This  proves  that 
all  conjuncts  in  P"  are  correctly  modeled  by  M  and  in  turn  that  M  is  a  model  of  P".  • 

Lemma  5.4.  M  is  a  model  for  P". 

Proof:  It  is  enough  to  prove  that  for  all  x  in  W 

Ml  —  rank{Mx). 

Notice  that  if  x  is  trapped,  then  A7x  =  M'x.  Thus  by  (ij)  A7x  =  rank{Mx).  So  we  can  assume 
that  X  is  nontrapped.  Suppose  first  that  x  is  an  ordinal  variable.  We  will  show  that  in  this  case 

(5.3)  Mx  =  height{x). 

We  proceed  by  induction  on  height{x).  If  height(x)  -  0  then  x  =  0  and  by  (/)  and  (5.2) 
we  have  Mx  =  0  =  height{x).  Suppose  that  (5.3)  holds  for  aU  ordinal  variables  y  such  that 
height{y)  <  height(x).  Observe  that  by  definition  Mx  =  {My  :  y  e  x  isin  Q}.  If  t/  G  x  is  in 
Q,  then  by  (d)  y  is  an  ordinal  variable.  Clearly  height(y)  <  height{x).  Thus  Mx  C  height{x). 
Conversely,  assume  that  s  G  height{x).  Then  there  exists  an  ordinal  variable  y  such  that  there  is  a 
chain  in  Q  of  membership  relations  leading  from  y  into  x  and  such  that  height{y)  =  s.  Thus  by  (h) 
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and  (6)  the  literal  y  e  x  is  in  Q  and  therefore  s  =  height{y)  =  My  €  Mx.  Hence  height(x)  C  M x 
which  together  with  the  previously  proved  set  inclusion  yields  Mx  =  height{x).  Observe  that  in 
the  case  in  which  x  is  an  ordinal  variable,  (5.3)  clearly  implies  MY  =  rank{Mx). 

Next  suppose  that  x  is  not  an  ordinal  variable.  We  distinguish  two  cases  according  to  whether 
X  is  in  V  or  not.  Assume  first  that  x  is  in  V.  Let  s  £  Mx.  Thus  by  (5.2)  5  =  My  for  some 
variable  y  for  which  y  £  x  is  m  Q.  From  (e)  it  follows  that  either  y  £  x'  or  y  =  x'.  In  any  case 
My  <  M'P.  Thus,  again  by  (e),  s  .=  My  <  rank{Mx')  <  rank{Mx)  and  in  turn  Mx  C  rank{Mx). 
Conversely,  let  s  6  rank{Mx).  Then  s  =  rank(My)  for  some  y  for  which  y  e  x  \s  m  Q.  Clearly 
prk{y)  <  prk{x).  Thus  by  induction  5  =  My.  But  y  e  x;  therefore  s  e  Mx  which  implies 
rank{Mx)  C  MY.  In  conclusion  we  proved  that  Mx  =  rank(Mx)  in  the  case  in  which  x  is  in  V 
too.  It  only  remains  to  verify  that  the  same  equality  holds  even  if  x  is  not  in  V . 

So,  suppose  that  x  is  a  nontrapped,  nonordinal  variable  which  is  not  in  V.  By  (5.2),  Mx  = 
{My  :  2/  €  X  is  in  Q}u{ij:},  where  rank{i^)  =  prk{x)-l.  If  j/  G  x  is  in  Q,  then  by  (c)  ye  x  is  also  in 
Q.  Thus  My  G  Mx  -  prk(x)  which  implies  My  <  prk{x)  -  1.  Hence,  rank{Mx)  =  prk(x)  -  Mx. 

Summing  up,  we  have  proved  that  MY  =  rank{Mx)  for  all  x  in  W .  Therefore  M  is  a  model 
for  P".  • 

Lemma  5.5.  M  is  a  model  for  P'. 

Proof:  Since  P"  is  a  disjunct  of  P',  it  follows  immediately  that  M  is  also  a  model  of  P' .  • 

We  are  now  ready  to  prove  that  M  is  a  model  of  P.  We  do  this  by  showing  that  every  conjunct 
C  of  P  is  satisfied  by  M .  So  let  C  be  any  conjunct  of  P.  We  can  assume  that  C  has  the  form 

(Vxi  e  2/1  )...(Vx„  G  yn)p, 

since  all  unquantified  conjuncts  of  P  are  contained  in  P' .  Let  Si  G  Myi, . . .  ,s„  G  My^.  Then 
5,-  =  Mzi  for  some  2,  such  that  the  literal  z,  G  2/i  is  in  Q,  i  =  1, . . . ,  n.  Thus, 

(a^i  6  2/1  -^  (a-2  e  2/2  ^  •  •  •  ^  (a:„  e  y„  —  p)  ■  ■  •))!,'::..:r; 

is  in  P'  and  therefore  it  is  satisfied  by  M.  In  particular,  since  Mzi  G  Mt/i,  i  =  1, ...  ,n,  it  follows 
that  (pf,';  ;f;)^'  =  true,  i.e  p^H^i/^i]  bn/>n]  _  tp^e.  Hence  M  satisfies  C.  This  proves  that  M 
is  a  model  for  P  and  concludes  the  proof  of  the  theorem.  • 
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